GitHub Repository

Supply chain security scanner for MCP servers. Detect typosquats, CVEs, credential leaks, and dangerous permissions in your AI agent configs.

5 starsJavaScript

MCPShield – Supply chain security scanner for MCP servers

Name: MCPShield – Supply chain security scanner for MCP servers
Availability: InStock
Author: ethanmizrahi

by ethanmizrahi·Feb 18, 2026·1 point·3 comments

Visit Project View on HN

AI Analysis

●●SolidNiche GemShip It

The Take

Think “Snyk for MCP configs”: Levenshtein-based typosquat detection, CVE lookups, hardcoded-credential scans and permission checks, plus CI-friendly exit codes. Auto-discovery for clients like Claude, Cursor and VS Code shows practical attention to workflows. It’s an early release — the value hinges on maintaining the package/CVE databases and tuning detection heuristics.

Similar Projects

Security●●●Banger

Aguara – Security scanner for AI agent skills and MCP servers

Semgrep for AI agents—138 rules, offline, catches obfuscated attacks other scanners miss.

Solve My ProblemBig Brain

garagon

123mo ago

Security●●Solid

MCP Certify – Auto-test MCP servers for security and compliance

Lighthouse-style certification for MCP servers with trivy supply chain scanning.

Ship ItSolve My Problem

jackgladowsky

102mo ago

Security●●Solid

Agentsec – Security scanner for AI agent installations (MCP, OpenClaw)

Bundles CI-friendly scanners that target agent-specific risks: 17 patterned secret detectors, prompt-injection and instruction‑malware heuristics, tool/SSRF and MCP auth checks, plus SARIF/JSON outputs for integration. Findings map to the OWASP Top 10 for Agentic Applications (2026) and it adds 'harden' profiles to apply safer defaults to OpenClaw/MCP installs — practical, focused ops tooling rather than a generic secret-finder.

Niche GemSolve My Problem

debu_sinha_1

233mo ago

Security●Mid